Revealed: World's largest security breach
Results 1 to 4 of 4

Thread: Revealed: World's largest security breach

  1. #1
    Join Date
    Jul 2006

    Revealed: World's largest security breach

    Revealed: World's largest security breach
    Been shopping recently? Have you got more than you bargained for?

    TJX Companies said 45.7 million accounts were compromised over nearly a two-year period, in an update of an investigation into a data breach of customer records.
    The scope of the breach, which was initially disclosed in January, is far wider than previously believed.
    Avivah Litan, an analyst with research company Gartner, said: "This is the largest security breach we've ever had worldwide. There was a case at CardSystems where 40 million records were exposed but this one looks like it was a case where the information was stolen."
    TJX, which operates discount retail chains including TK Maxx in the UK and Marshalls and TJ Maxx in the US, released additional details of the breach in a filing with the US Securities and Exchange Commission.
    In its filing, TJX noted cyber thieves first accessed its computer systems in July 2005 and installed software to harvest such sensitive customer information as account information, names and addresses, drivers' licence numbers and military and state identification. The breach continued until mid-January 2007.
    Accounts and transactions affected included credit and debit card transactions, as well as checks and returned merchandise without receipts at the company's AJ Wright, HomeGoods, Marshalls and TJ Maxx stores in the US and Puerto Rico. Credit card transactions at TJX's HomeSense and Winners stores in Canada, as well as credit and debit card transactions at its TK Maxx stores in Ireland and the UK.
    TJX rang up a pre-tax charge of $5m in the fourth quarter to deal with the computer breach, which included the costs associated with investigating the issue, improving its security systems and notifying customers.
    Those costs are likely to increase, given the multiple lawsuits customers have filed and investigations launched by a number of government agencies. According to the SEC filing, a multi-state investigation is currently underway that encompasses 30 states, and the Federal Trade Commission is also reviewing whether TJX violated US laws pertaining to consumer protection. In Canada, several privacy commissioner offices in various provinces are also reviewing the matter.
    The security breach involving CardSystems, a third-party processor of payment data for banks and merchants, resulted in the exposure of credit card numbers for 40 million accounts - a figure comparable to the TJX case. Other notable cases include data broker ChoicePoint, which affected an estimated 145,000 Americans, and the University of California at Los Angeles, in which 800,000 people had their information compromised after a security breach.
    In the case of TJX, Litan suspects attackers gained access through a wireless regional hub for the company's store controllers that handle the point-of-sale system. From there, they may have been able to work their way into TJX's central system, she noted.
    She added: "Most retailers aren't looking at their point-of-sale system. Most enterprises tend to forget about the devices hanging off of their networks. What happened here may not be all that uncommon."
    Original article:> Silicon.Net

  2. #2
    @ΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    St. Petersburg, FL
    This is old.
    Real security doesn't come with an installer.

  3. #3
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Yip: Heard it a while back. Still madness that 40 mil accounts were compromised ...
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    United Kingdom: Bridlington
    There's a lot of mileage left in this one. Official investigations are just starting as are private lawsuits.

    The suggestion that the original vector was an unsecured wireless hub is new to me regarding this incident?

    It will be interesting to see what crawls out of the woodwork

Similar Threads

  1. Apache, PHP, MySQL with basic security settings.
    By nightcat in forum The Security Tutorials Forum
    Replies: 9
    Last Post: May 28th, 2005, 02:47 AM
  2. Windows XP Security Guide (phase two)
    By pooh sun tzu in forum The Security Tutorials Forum
    Replies: 10
    Last Post: March 6th, 2004, 08:54 PM
  3. NEWS: This weeks Security News 10/30/02
    By xmaddness in forum Miscellaneous Security Discussions
    Replies: 5
    Last Post: October 31st, 2002, 12:59 AM
  4. NEWS: This Week in Security
    By xmaddness in forum Miscellaneous Security Discussions
    Replies: 1
    Last Post: July 18th, 2002, 04:36 AM
  5. Security Checklist
    By Ennis in forum The Security Tutorials Forum
    Replies: 3
    Last Post: December 1st, 2001, 01:38 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts